16 Mar 2025

light mode

How Park Jin Led North Korea’s $1.4B Bybit Crypto Heist

How Park Jin Led North Korea’s $1.4B Bybit Crypto Heist

At first, February 21, 2025, looked like just another workday at Bybit. Employees logged in, traders placed orders, and in the depths of Bybit’s cold wallets, a staggering 401,347 ETH—valued at $1.4 billion—remained locked behind layers of encryption and multi-signature security. Everything was as it should be. Until it wasn’t.

On this page

And then, in a split second, $1.4 billion vanished…

  • No security alerts.
  • No immediate red flags.
  • No evidence of forced entry.

The transfer had been approved—by Bybit’s own security team.

At that moment, thousands of miles away in Pyongyang, one man watched it all unfold in real time. A figure known only to top intelligence circles and the hidden depths of the dark web.

His name? Park Jin Hyok.

A digital ghost. The most elusive cybercriminal North Korea had ever unleashed.

For months—perhaps years—he meticulously planned every move.

He infiltrated Bybit’s operations. Exploited its weaknesses. Created an illusion so perfect that it passed right under the noses of the best cybersecurity experts.

This wasn’t a hack. It was a psychological operation.

Possibly the most intricate digital heist the world has ever seen.

The Man Who Never Was

There were no public sightings of Park Jin Hyok.

No official photos.
No verifiable proof of his identity.

Yet, his digital fingerprints had been pursued for years by top intelligence agencies and cybersecurity teams worldwide.

  • To the FBI and Interpol, he was one of the most dangerous cybercriminals on record.
  • To North Korea, he was a national asset so vital that his very existence was classified.

Park Jin: The Shadow Operative of Pyongyang

He wasn’t just another hacker.

He was a meticulously trained cyber operative, shaped by Kim Chaek University of Technology and drafted into the Reconnaissance General Bureau (RGB)—North Korea’s most secretive intelligence division.

His mission?

  • Break in undetected.
  • Exploit weaknesses.
  • Cripple financial systems from the inside.

While amateur hackers relied on brute force, Park played the long game, embedding himself within digital structures and unraveling them piece by piece.

Now, North Korean cyber units are targeting GitHub and npm packages, posing a growing risk to developers worldwide. We analyze the details of the hack attack in our latest report.

The Digital Shadow That Stole Billions

2014: Sony Pictures—Hollywood’s secrets exposed in a devastating breach.
2016: A surgical strike on the Bangladesh Central Bank, draining $81 million via SWIFT.
2017: WannaCry—ransomware that held the world hostage, paralyzing hospitals and corporations alike.
2022: The Ronin Bridge attack—$625 million in crypto vanished overnight.
2023-2024: A relentless campaign against crypto exchanges—$1.34 billion stolen in a year.

But Bybit?

That was his masterpiece.

Park Jin Hyok—a North Korean cyber operative, accused of engineering some of the most catastrophic digital heists in history. FBI’s most wanted - The Coinomist
Park Jin Hyok—a North Korean cyber operative, accused of engineering some of the most catastrophic digital heists in history. FBI’s most wanted. Source: fbi.gov

The Bybit Breach: A Cyber Heist Unlike Any Other

Stolen credentials. Leaked security keys. Exploited smart contracts.

That’s how most crypto heists unfold.

But this was different.

Park Jin Hyok and the Lazarus Group didn’t crack Bybit’s defenses.

They cracked its people.

Lazarus Didn’t Break In—They Settled In

Well before the heist, they were already inside:

  • Listening to Bybit’s internal conversations.
  • Controlling email servers.
  • Watching from within employee workstations.

Yet they remained unseen. Unnoticed.

They stole nothing.

Not yet.

They waited.
They listened.
They learned.

Only one crucial piece remained:

Who Controls Bybit’s Cold Wallets?

Lazarus didn’t guess. They calculated.

They pinpointed a small, exclusive circle of employees with the power to authorize transactions from Bybit’s Ethereum reserves.

  • They tracked their routines.
  • Predicted their behaviors.
  • Studied their workflow down to the smallest detail.

And then, with precision and patience, they struck.

Bybit stands among the most advanced crypto exchanges. Discover its core functionalities, trading ecosystem, and security layers in our expert breakdown.

A Masterpiece of Deception

February 21.

The final act had begun.

A transfer request surfaced in Bybit’s security interface.

Every detail was meticulously crafted.

✔ The interface was indistinguishable from past transactions.
✔ The recipient’s wallet had a clean history.
✔ The amount raised no suspicion.

It was a perfect forgery.

But behind the polished facade, the contract was already compromised.

The moment employees hit “Approve”, they weren’t just authorizing a transfer.

They were rewriting the smart contract, handing Lazarus complete access to Bybit’s cold storage.

“This is Lazarus. They just stole $1.46 billion from Bybit. And they didn’t break the code — they broke the people,” Web3 analyst Pix (@PixOnChain) stated.

North Korea converts stolen crypto into funding for its military operations - The Coinomist
North Korea converts stolen crypto into funding for its military operations. Source: Х

Looking to cash out your Notcoin on Bybit’s pre-market? We’ve got you covered. Step-by-step instructions, expert insights, and what to do after your sale—read our full guide for traders!

A Split-Second Decision Worth $1.4 Billion

They examined the transaction. Everything checked out.

A brief hesitation—then, one by one, they authorized the transfer.

At that moment, Bybit’s $1.4 billion slipped away.

Now, it was under North Korea’s command.

Vanishing Act: How Lazarus Covered Its Tracks

The golden rule of a billion-dollar crypto heist? Don’t get caught moving the money.

Lazarus took their time. They had done this before.

✔ ETH were dispersed into 53 different wallets, instantly obscuring the trail.
✔ Some held 10,000 ETH, others barely enough to notice.
✔ The funds lay untouched, frozen in time, waiting for the right moment to slip through mixers and cross-chain swaps.

They had drained billions in crypto over the years, yet much of it still sat untouched—an invisible fortune waiting in the dark.

Some funds stolen back in 2018 remain untouched to this day.

Lazarus understood one thing: money doesn’t need to move to be valuable. They could wait—for years if necessary.

As Bybit fought to recover their losses, Park Jin was already orchestrating his next breach.

The Most Significant Crypto Hacks of 2024—quarterly insights into the biggest attacks and their market impact. Full report available now!

Bybit Faces Its Toughest Hack—And Endures

A $1.4 billion breach could have spelled the end for any exchange.

Bybit, however, remained firm.

With swift action, Ben Zhou (CEO & Co-founder) stabilized the situation:

✔ Secured emergency capital, absorbing 80% of the financial hit.
✔ Protected user assets, preventing further panic.
✔ Maintained liquidity, allowing withdrawals—even as $1.5 billion left within a day.

Although we have been hit by the worst hack possibly in the history of any medians (banks, crypto, finance).

But all Bybit functions and product remain functional, the Whole team had been awake all night to process and answer client questions and concerns.

ALL hands on DECK. Rest assured, we are here with you,

Ben Zhou outlined.

Bybit held its ground—But at what cost?

The breach had already made history. The largest crypto hack ever recorded.

Now, the world demanded justice.

Manhattan prosecutors vs the crypto hacker—what are the charges, and how will this shake the market?

The Lazarus Playbook: A Game-Changer for Crypto Security?

This wasn’t just about Bybit.

This attack revealed a terrifying truth:

  • Multi-signature wallets aren’t unbreakable.
  • Cold storage is not as secure as the industry believed.
  • The real risk isn’t in the blockchain—it’s in the people operating it.

For years, crypto was seen as an unhackable system. Lazarus proved otherwise.

They infiltrated one of the world’s most fortified exchanges—without deploying malware, without writing a single exploit.

And as long as they continue their operations, they’ll strike again.

In 2024, North Korean hackers stole a record-breaking amount from crypto platforms - The Coinomist
In 2024, North Korean hackers stole a record-breaking amount from crypto platforms. Source: Сhainalysis

Park Jin Hyok: The Phantom North Korea Can’t Afford to Lose

Somewhere within North Korea, Park Jin Hyok lives in the shadows.

The FBI wants him in cuffs.

Interpol follows his every move online.

His government? They don’t just deny he exists—they depend on him.

To Pyongyang, he’s not a criminal. He’s a national hero.

And as long as billions continue to flow through crypto, there’s only one question left:

Who will be the next victim?

Hacker ethics explained—black-hat, white-hat, gray-hat. Learn the key differences and how each group operates in our in-depth guide.

The content on The Coinomist is for informational purposes only and should not be interpreted as financial advice. While we strive to provide accurate and up-to-date information, we do not guarantee the accuracy, completeness, or reliability of any content. Neither we accept liability for any errors or omissions in the information provided or for any financial losses incurred as a result of relying on this information. Actions based on this content are at your own risk. Always do your own research and consult a professional. See our Terms, Privacy Policy, and Disclaimers for more details.

Articles by this author
Pump․fun Meme Coin Launches Collapsed To 0.82%

Pump․fun Meme Coin Launches Collapsed To 0.82%

The Pump․fun platform has recorded an unprecedented drop in the weekly graduation rate of meme coins – for the first time, it fell below 1%, reaching 0.82%.

Anton Kryshtal
Senate Banking Committee Passes Stablecoin Bill: What the Genius Act Means 

Senate Banking Committee Passes Stablecoin Bill: What the Genius Act Means 

The Senate Banking Committee has endorsed the Senate Stablecoin Bill GENIUS (Guiding and Establishing National Innovation for U.S. Stablecoins), which seeks to set up a clear regulatory framework for payment of stablecoins.

Anahit Avetisyan
$100 Billion Gone! Bitcoin Speculators Trapped by the Market

$100 Billion Gone! Bitcoin Speculators Trapped by the Market

CryptoQuant reports that short-term Bitcoin investors lost over $100 billion while trying to cash in on BTC’s extreme volatility.

Anton Kryshtal
Crypto Scam Exposed: AML Bitcoin CEO Faces Conviction

Crypto Scam Exposed: AML Bitcoin CEO Faces Conviction

AML Bitcoin CEO Rowland Marcus Andrade was found guilty of wire fraud and money laundering by a federal jury in California after a five-week trial for misleading investors.

Anahit Avetisyan
How the Ethereum Foundation Is Shaping the Future of Crypto

How the Ethereum Foundation Is Shaping the Future of Crypto

For over a decade, the Ethereum Foundation has been the driving force behind Ethereum’s growth—from Vitalik Buterin’s white paper to a global financial and technological revolution.

Ivan Dikalenko
The Biggest Tweets in Crypto This Week: SEC vs Ripple Updates & More

The Biggest Tweets in Crypto This Week: SEC vs Ripple Updates & More

Summing up this week in Crypto Twitter/X: major announcements, updates, rumors, and interesting takes on the SEC vs Ripple case, Ethereum’s updates, the Trump family deal with Binance, and more.

Anahit Avetisyan
The Stablecoin Showdown: How USDC and Tether Compete for Dominance

The Stablecoin Showdown: How USDC and Tether Compete for Dominance

Two giants lead the stablecoin market—Tether (USDT) and USD Coin (USDC). But beneath their promise of stability lies a fierce competition.

Ivan Dikalenko
What Is Fiat Currency and Its Role in the Crypto World?

What Is Fiat Currency and Its Role in the Crypto World?

Discover fiat currency—a government-issued money without intrinsic value—and learn how it interacts with cryptocurrencies and influences digital financial systems worldwide.

The Coinomist
How to Short Crypto Safely and Effectively: Tips and Strategies

How to Short Crypto Safely and Effectively: Tips and Strategies

Learn advanced strategies for shorting crypto safely. This guide covers key tips, risk management techniques, and various methods like direct shorting, futures, margin trading, and options.

The Coinomist
Risk Reversal: A Deep Dive into Best Practices

Risk Reversal: A Deep Dive into Best Practices

Explore risk reversal strategies and learn best practices for managing risks in trading and business. Understand how to balance risk and reward to optimize outcomes.

The Coinomist
World Bridge Currency: Is XRP the Future of World Bridge Currencies?

World Bridge Currency: Is XRP the Future of World Bridge Currencies?

Explore XRP as a potential world bridge currency. Learn how its speed, low fees, and scalability could transform global cross-border transactions and reshape financial systems.

The Coinomist
What Is TRC20? Exploring the Tron Network Standard

What Is TRC20? Exploring the Tron Network Standard

Discover TRC20, the token standard on the TRON blockchain. Learn how TRC20 tokens work, their advantages like low fees and speed, and their use cases in DeFi, gaming, and more.

The Coinomist
What Is a Bullish Market? How to Spot One Before It Happens

What Is a Bullish Market? How to Spot One Before It Happens

Learn what a bullish market is, its key characteristics, and how to identify early signs before a full bull market develops. Gain insights into market trends and strategies.

The Coinomist
Trump’s “US Crypto Reserve” Plan: A Game Changer or Just Talk?

Trump’s “US Crypto Reserve” Plan: A Game Changer or Just Talk?

It takes just one post from Trump to stir the crypto market. Recently, he announced on Truth Social that the evaluation of a strategic crypto reserve is in progress as part of his broader Trump crypto policy.

Anahit Avetisyan
Trump’s Crypto Tax Plan: Smart Policy or Risky Gamble?

Trump’s Crypto Tax Plan: Smart Policy or Risky Gamble?

There’s been a lot of talk about possible changes to crypto tax policies in the U.S. One of the more controversial ideas floating around is “Trump no tax on crypto.” As Trump adopts a more crypto-friendly stance, major rumors have surfaced that he’s considering a 0% tax on crypto gains.

Anahit Avetisyan
MORE
Wealth, Influence, and Bitcoin: The Market Moves of the Ultra-Rich

Wealth, Influence, and Bitcoin: The Market Moves of the Ultra-Rich

Billionaires have a significant impact on digital asset prices, often driving instability and engaging in crypto market manipulation. This view is echoed by American entrepreneur David Wolfe.

The Coinomist
The New Crypto Sports Economy: Sponsorships, Fan Tokens, and NFTs 

The New Crypto Sports Economy: Sponsorships, Fan Tokens, and NFTs 

Crypto companies are shaking up crypto sport, partnering with clubs and stadiums for high-profile sponsorships. This means big bucks for athletes, thanks to advertising and fan tokens.

The Coinomist
MORE